At an Interop roundtable discussion Wednesday morning moderated by F5 Networks‘ Ken Salchow, several customers, industry analysts, and others talked about trends in the consumerization of IT. Here are the major takeaways:

Everyone in the room seemed to agree that both business units and end users are now provisioning applications. One analyst asked: “Are you serious? Are users even capableof provisioning their own apps?” With Millenials, who are technology natives, entering the workplace, it’s not surprising that someone who gets hired in marketing or sales might be competent to configure an application. Web apps aren’t rocket science. It’s not as if these folks are doing devops.

Consumerization is banging down the door of IT. In a side conversation, someone wondered, “When are CIOs going to get it?” Well, the CIOs I talk with do get it, but they’re vastly outnumbered by their staff, and staffer don’t necessarily get it yet. CIOs are going to have to take the time to educate their staff in what consumerization is, why it’s not going away, and how it may even make their lives easier or better. What if you could actually focus on business problems and apps instead of focusing so much on infrastructure?

— During a discussion of the risks of consumer devices and cloud computing adoption, I brought up the “helicopter parent” mental model that we used in our recent “Trifecta of Change: 2011 End User Device Survey” InformationWeek Analytics report. The question for the group was: Does helicopter parentingeliminaterisk, and can IT ever eliminate risk, or should IT chill out a little bit when business owners say that the benefits are huge? — There was a discussion on whether qualification criteria for sensitive docs is practical. That is, can data be classified appropriately so that inappropriate data isn’t shared outside of the organization? There wasn’t a tremendous amount of consensus on this point, which makes me think it’s going to be an ongoing issue. One person, ex-military, called it a very difficult problem. Another stated that cloud “might force IT to at least look at data that needs protection.” Indeed.

The discussion very quickly migrated toward security. Enterprise security model changes might include layering, risk mitigation, and segregating and dividing data. “Find out what really matters and secure that,” one attendee said, implying that in this brave new world, perhaps not everything can be fully secured. It might be as much about “risk acceptance” as “risk management.”

I found the discussion about acceptable use policies to be excellent. One analyst spoke about customers for whom he has helped craft policies that let employees use their own consumer devices to handle company data but also give their companies the right to wipe that data and remotely monitor the personal device. If you take this approach, run it by your attorneys and make sure to get individual employees to sign off!

Jonathan Feldman is a contributing editor for InformationWeek and director of IT services for a rapidly growing city in North Carolina. Write to him at jf@feldman.org or at @_jfeldman.